authz: move LD Sig check from Protocol.receive to activitypub.inbox

for #566
2024-05-29 21:17:38 -07:00 · 2024-05-29 21:17:38 -07:00 · 9f33767f33
commit 9f33767f33
--- a/activitypub.py
+++ b/activitypub.py
@ -999,6 +999,11 @@ def inbox(protocol=None, id=None):

    authed_as = ActivityPub.verify_signature(activity)

+    # if we need the LD Sig to authorize this activity, bail out, we don't do
+    # those yet
+    if authed_as != actor_id and activity.get('signature'):
+        error(f"Ignoring LD Signature, sorry, we can't verify those yet. https://github.com/snarfed/bridgy-fed/issues/566", status=202)
+
    # check that this activity is public. only do this for creates, not likes,
    # follows, or other activity types, since Mastodon doesn't currently mark
    # those as explicitly public. Use as2's is_public instead of as1's because
--- a/protocol.py
+++ b/protocol.py
@ -767,9 +767,6 @@ class Protocol:
            authed_as = normalize_user_id(id=authed_as, proto=from_cls)
            actor = normalize_user_id(id=actor, proto=from_cls)
            if actor != authed_as:
-                if ld_sig := obj.as1.get('signature'):
-                    creator = ld_sig.get('creator', '')
-                    error(f"Ignoring LD Signature from {creator} , sorry, we can't verify those yet. https://github.com/snarfed/bridgy-fed/issues/566", status=204)
                logger.warning(f"Auth: actor {actor} isn't authed user {authed_as}")
        else:
            logger.warning(f"Auth: missing authed_as!")
--- a/tests/test_activitypub.py
+++ b/tests/test_activitypub.py
@ -1443,7 +1443,23 @@ class ActivityPubTest(TestCase):
                                      data=body, headers=headers):
            self.assertEqual(actor, ActivityPub.verify_signature(None))

-    # def test_inbox_verify_http_signature_follow_publicKey_owner(self, _, __, ___):
+    def test_inbox_ignore_forward_with_ld_sig(self, _, __, ___):
+        actor = self.make_user(ACTOR['id'], cls=ActivityPub, obj_as2=ACTOR),
+
+        got = self.post('/user.com/inbox', json={
+            'id': 'http://inst/post',
+            'objectType': 'note',
+            'author': ACTOR['id'],
+            'signature': {
+                'type': 'RsaSignature2017',
+                'creator': 'fake:other#main-key',
+                'created': '2024-05-20T01:52:09Z',
+                'signatureValue': '...',
+            },
+        })
+        self.assertEqual(202, got.status_code)
+        self.assertIn('Ignoring LD Signature', got.text)
+        self.assertIsNone(Object.get_by_id('http://inst/post'))

    def test_delete_actor(self, *mocks):
        deleted = self.make_user(DELETE['actor'], cls=ActivityPub)
--- a/tests/test_protocol.py
+++ b/tests/test_protocol.py
@ -2382,31 +2382,6 @@ class ProtocolReceiveTest(TestCase):
        self.assertIn("Auth: actor fake:user isn't authed user fake:other",
                      ' '.join(logs.output))

-    def test_receive_task_handler_not_authed_as_actor_with_ld_sig(self):
-        note = {
-            'id': 'fake:post',
-            'objectType': 'note',
-            'author': 'fake:other',
-            'signature': {
-                'type': 'RsaSignature2017',
-                'creator': 'fake:other#main-key',
-                'created': '2024-05-20T01:52:09Z',
-                'signatureValue': '...',
-            },
-        }
-        obj = self.store_object(id='fake:post', our_as1=note,
-                                source_protocol='fake')
-
-        with self.assertLogs() as logs:
-            got = self.post('/queue/receive', data={
-                'obj': obj.key.urlsafe(),
-                'authed_as': 'fake:eve',
-            })
-            self.assertEqual(204, got.status_code)
-
-        self.assertIn("Ignoring LD Signature from fake:other#main-key",
-                      ' '.join(logs.output))
-
    def test_receive_task_handler_NO_AUTH_DOMAINS(self):
        note = {
            'id': 'fake:post',